GDPR Article 31 sets out the legal obligation an organisation has to cooperate with the supervisory authority, whoever that may be.
Cooperation with the supervisory authority
The controller and the processor and, where applicable, their representatives, shall cooperate, on request, with the supervisory authority in the performance of its tasks.
Cooperation with the Commissioner
The controller and the processor and, where applicable, their representatives, shall cooperate, on request, with the Commissioner in the performance of the Commissioner’s tasks.
PII and privacy protection have the potential to affect a large number of employees, users and customers, both inside and outside the organisation.
Organisations need to gain a firm understanding of the needs of any affected personnel and of what ISO deems ‘interested parties’.
Organisations need to establish and document:
Organisations should also take into account any legal, regulatory or contractual obligations, alongside practical and operational requirements.
When implementing a PIMS, organisations need to map out a list of interested parties that are either affected by a PIMS, or have a role to play in processing PII.
Where PII is concerned, an interested party could be any of the following (the list is not exhaustive):
It is important to note that PII requirements relating to a PIMS often come from a wide range of sources, including:
It can often be difficult for governing and regulatory bodies to confirm that an organisation, in its role as a PII processor and controller, adheres to published privacy protection standards.
Organisations should therefore expect such bodies to call for independent reviews of any relevant management system, so that the bodies can satisfy their own auditing requirements.
| GDPR Article | ISO 27701 Clause | ISO 27701 Supporting Clauses |
|---|---|---|
| EU GDPR Article 31 | ISO 27701 5.2.2 | None |
GDPR is one of the world’s toughest privacy and security regulations, with significant fines for violations. Accordingly, organisations are required to protect personal data in a ‘reasonable’ manner.
But here’s the good news.
ISMS.online helps you demonstrate a level of protection that exceeds ‘reasonable’ in a secure, always-on location.
Data mapping made easy.
We make data mapping a simple task. By adding your organisation’s details to our preconfigured dynamic Records of Processing Activity tool, you can easily record and review it all.
If the worst happens, you’ll be ready.
With our tools, you can plan, communicate, document, and learn from every breach.